Company Profile

Security Operations Center - SOC Engineer at

About the Employer

Job Description

  • Responsible for conducting incident response operations according to industry best practices.
  • Must have extensive experience in multiple security areas such as SIEM, IDS, WAF, and APT detection and response.
  • Should have extensive experience with Linux, macOS and Windows operating systems, and deep knowledge of network and web attack methods.
  • Perform monitoring and data correlation of events of interest using multiple tools, such as system event logs, SIEM, IPS/IDS logs, network traffic, the anti-virus console and client endpoint software, to determine whether an incident has occurred.
  • Respond to security incidents and investigation requests.
  • Triage cloud (AWS, Azure and AliCloud) security events and create correlations.
  • Drive containment strategy during data loss or breach events.
  • Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs), and document the tactics, techniques and procedures (TTPs) observed.
  • Perform basic forensic activities, e.g. examining computers, system logs, applications and networks to locate evidence.
  • Reverse engineer malware and identify malware infections and attack patterns to fine-tune our security controls.
  • Perform root cause analysis (RCA) for incidents and update the knowledge base.
  • Work directly with data asset owners and business response plan owners during high-severity incidents.
  • Create and tune signatures and policies for IDS, proxy and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits affecting downstream systems.
  • Provide tuning recommendations to administrators based on findings from investigations or threat information reviews.
  • Create and tune workflow documents.
  • Evaluate various protection mechanisms and tools and recommend the best suited.
  • Configure and maintain high- and low-interaction honeypots, spider traps, etc., and monitor their activity.
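The monitoring and correlation duty above (IDS alerts, host logs and SIEM data joined to decide whether an event of interest is an incident) is the core of the role. The following is an added example, not part of the job posting or any employer tooling: it joins constructed Snort-style "fast" alerts to constructed Linux sshd auth.log lines on source IP within a time window and classifies each source. The signature ID 1000001, the host name, all IP addresses, the year constant and the thresholds are assumptions chosen for the example.

```python
"""Correlate constructed Snort-style IDS alerts with constructed sshd auth.log
lines by source IP inside a time window. Added example; every log line below
is constructed, not captured from a real system."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

YEAR = 2024  # assumption: neither Snort fast alerts nor syslog carry a year

# Constructed Snort "fast" alert lines. SID 1000001 is a local-rule number,
# not a real vendor signature.
IDS_ALERTS = """\
03/14-10:02:11.000000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Priority: 2] {TCP} 203.0.113.7:51022 -> 192.0.2.10:22
03/14-10:03:40.000000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Priority: 2] {TCP} 198.51.100.9:40110 -> 192.0.2.10:22
03/14-10:07:00.000000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Priority: 2] {TCP} 198.51.100.22:33001 -> 192.0.2.10:22
"""

# Constructed auth.log lines from the targeted host (192.0.2.10, "bastion").
AUTH_LOG = """\
Mar 14 10:02:15 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 14 10:02:18 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 14 10:02:20 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 14 10:02:25 bastion sshd[2205]: Accepted password for deploy from 203.0.113.7 port 51044 ssh2
Mar 14 10:03:44 bastion sshd[2207]: Failed password for root from 198.51.100.9 port 40110 ssh2
Mar 14 10:05:01 bastion sshd[2210]: Accepted publickey for alice from 10.0.0.5 port 50200 ssh2
Mar 14 10:07:05 bastion sshd[2212]: Failed password for root from 198.51.100.22 port 33001 ssh2
Mar 14 10:07:09 bastion sshd[2212]: Failed password for root from 198.51.100.22 port 33001 ssh2
Mar 14 10:07:12 bastion sshd[2214]: Failed password for invalid user test from 198.51.100.22 port 33010 ssh2
Mar 14 10:30:00 bastion sshd[2300]: Failed password for root from 203.0.113.7 port 52000 ssh2
"""

SNORT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.+?)\s+\[\*\*\].*"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Accepted|Failed)\s+\w+\s+for\s+(?:invalid user\s+)?(?P<user>\S+)\s+from\s+(?P<src>[\d.]+)"
)


@dataclass
class Alert:
    ts: datetime
    msg: str
    src: str
    dst: str
    dport: int


@dataclass
class AuthEvent:
    ts: datetime
    result: str  # "Accepted" or "Failed"
    user: str
    src: str


def parse_snort(text):
    """Parse Snort fast-alert lines; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = SNORT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        alerts.append(Alert(ts, m["msg"], m["src"], m["dst"], int(m["dport"])))
    return alerts


def parse_auth(text):
    """Parse sshd Accepted/Failed lines from a syslog-format auth.log."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{m['ts']} {YEAR}", "%b %d %H:%M:%S %Y")
        events.append(AuthEvent(ts, m["result"], m["user"], m["src"]))
    return events


SEVERITY = {"informational": 0, "suspicious": 1, "incident": 2}


def correlate(alerts, auth_events, window=timedelta(minutes=5), fail_threshold=3):
    """Join each IDS alert to host auth events from the same source IP within
    `window` after the alert. A brute-force alert corroborated by at least
    fail_threshold failures followed by an Accepted login is an incident;
    failures alone are suspicious; an uncorroborated alert is informational.
    The most severe verdict per source IP is kept."""
    findings = {}
    for a in alerts:
        related = [e for e in auth_events
                   if e.src == a.src and a.ts <= e.ts <= a.ts + window]
        failed = sum(1 for e in related if e.result == "Failed")
        accepted = sorted({e.user for e in related if e.result == "Accepted"})
        if failed >= fail_threshold and accepted:
            verdict = "incident"
        elif failed >= fail_threshold:
            verdict = "suspicious"
        else:
            verdict = "informational"
        current = findings.get(a.src)
        if current is None or SEVERITY[verdict] > SEVERITY[current["verdict"]]:
            findings[a.src] = {"verdict": verdict, "alert": a.msg, "target": a.dst,
                               "failed_logins": failed, "accepted_users": accepted}
    return findings


def run():
    return correlate(parse_snort(IDS_ALERTS), parse_auth(AUTH_LOG))


if __name__ == "__main__":
    for src, f in run().items():
        print(f"{src:15} {f['verdict']:13} failed={f['failed_logins']} "
              f"accepted={f['accepted_users']} ({f['alert']} -> {f['target']})")
```

Run as a script it prints one verdict per alerting source: 203.0.113.7 becomes an incident (three failures and then a successful login as "deploy"; the failure at 10:30 falls outside the window and is ignored), 198.51.100.22 is suspicious (failures only) and 198.51.100.9 is informational (one failure does not corroborate the alert). The successful key login from 10.0.0.5 never appears because no IDS alert names that source, which is the point of joining on the alert rather than sweeping all auth events.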

Technical & Professional Skill Requirements:

  • Hands-on investigation and log analysis exposure
  • Experience in IT security and defensive technologies (Antivirus, Firewalls, Event Monitoring, Network and Perimeter devices, Data Loss Prevention, IDS, Web content filtering)
  • Should be familiar with handling and mitigating attacks involving viruses, spoofing, hoaxes and malware
  • Should be familiar with emerging security threats and their attack vectors, especially web application attacks
  • Knowledge of SSL/TLS, certificates and encryption methods
  • Exposure to security tools (Web application firewalls, web application security scanning with Burp Suite, Nessus and Tenable Security Center, Snort IDS, Wireshark, Scapy, Data Loss Prevention software, NitroView/McAfee ESM)
  • Good documentation and analysis skills, with excellent problem-solving and planning skills and a flexible approach
  • Sound understanding of operating systems (Unix/Linux, Windows, macOS), IPS/IDS, VPNs, firewalls, web application firewalls and application security
  • Desirable certifications: CSA, GCIH, GCIA